Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

6,093 advisories

Loading
Liferay Portal Does Not Limit Access to APIs Before Email Verification Moderate
CVE-2025-62259 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Vulnerable to CSRF in Headless APIs High
CVE-2025-62258 was published for com.liferay.portal:release.portal.bom (Maven) Oct 28, 2025
Liferay Portal Stores Password Reset Tokens in Plain Text Moderate
CVE-2025-62261 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 28, 2025
Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature Moderate
CVE-2025-62262 was published for com.liferay:com.liferay.portal.security.ldap.impl (Maven) Oct 27, 2025
Liferay Portal Vulnerable to Cross-Site Scripting Moderate
CVE-2025-62263 was published for com.liferay:com.liferay.account.admin.web (Maven) Oct 27, 2025
Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter Moderate
CVE-2025-62253 was published for com.liferay:com.liferay.layout.admin.web (Maven) Oct 27, 2025
Keycloak TLS Client-Initiated Renegotiation Denial of Service High
CVE-2025-11419 was published for org.keycloak:keycloak-quarkus-dist (Maven) Oct 27, 2025
InventoryGui allows item duplication with experimental "Bundle" item in GUIs which use GuiStorageElement Moderate
CVE-2025-62782 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
InventoryGui affected by item duplication in GUIs which use GuiStorageElement Moderate
CVE-2025-62783 was published for de.themoep:inventorygui (Maven) Oct 27, 2025
FaMa91
Credited to FaMa91
Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences Low
CVE-2025-55754 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Tomcat Vulnerable to Relative Path Traversal High
CVE-2025-55752 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
aruneko
Credited to aruneko
Apache Tomcat Vulnerable to Improper Resource Shutdown or Release Low
CVE-2025-61795 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 27, 2025
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2025-12194 was published for org.bouncycastle:bc-fips (Maven) Oct 25, 2025
Liferay Portal ComboServlet denial of service via large file combination Moderate
CVE-2025-62254 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 24, 2025
MCMS reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2025-60837 was published for net.mingsoft:ms-mcms (Maven) Oct 23, 2025
Liferay Portal Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page Low
CVE-2025-62255 was published for com.liferay:com.liferay.knowledge.base.web (Maven) Oct 23, 2025
Keycloak does not invalidate offline sessions when the offline_access scope is removed Moderate
CVE-2025-12110 was published for org.keycloak:keycloak-services (Maven) Oct 23, 2025
Keycloak does not invalidate sessions when "Remember Me" is disabled Moderate
CVE-2025-11429 was published for org.keycloak:keycloak-services (Maven) Oct 23, 2025
Liferay Portal and DXP do not properly restrict access to OpenAPI Moderate
CVE-2025-62256 was published for com.liferay:com.liferay.portal.security.auth.verifier (Maven) Oct 23, 2025
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
Liferay Portal and Liferay DXP vulnerable to reflected cross-site scripting (XSS) Moderate
CVE-2025-62248 was published for com.liferay:com.liferay.dynamic.data.mapping.web (Maven) Oct 22, 2025
Sakai kernel-impl: predictable PRNG used to generate server‑side encryption key in EncryptionUtilityServiceImpl Moderate
CVE-2025-62710 was published for org.sakaiproject.kernel:sakai-kernel-impl (Maven) Oct 22, 2025
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names Low
CVE-2025-11966 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Vert.x-Web Access Control Flaw in StaticHandler’s Hidden File Protection for Files Under Hidden Directories Moderate
CVE-2025-11965 was published for io.vertx:vertx-web (Maven) Oct 22, 2025
Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget Moderate
CVE-2025-62249 was published for com.liferay.portal:com.liferay.portal.impl (Maven) Oct 21, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database